Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Port 1026-1031 update - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 1026-1031 update
This is an update for our prior diary ( http://isc.sans.org/diary.html?date=2003-11-25 ) .

We observed strong fluctuations in this traffic, indicating a central control mechanism. Based on feedback from sources of this traffic, we suspect that the
traffic may be related to a popup-spam blocking application. Several users reported seeing the udp traffic to port 1026-1031 after installing this software.

In our own testing, this software has not yet exhibited this behaviour.

This particular popup spam blocker is advertised via popup spam. So it would make sense for the application to use hosts on which it is installed to 'spread the message'.
Handlers

76 Posts

Sign Up for Free or Log In to start participating in the conversation!